Comment by mindslight

I'm not really looking to litigate the larger point with you. I had really thought you were coming from a place of not liking the CFAA but interpreting it as harshly as possible (especially with that username!)

In general in this argument here and our previous argument, you're focused solely on intent to the exclusion of analyzing actual actions. You're then attributing malevolence to the intent of the individuals acting, while giving a pass to the companies (in this case Mazda) that is also operating with malicious/adversarial intent. You're missing that criminality also revolves around specific actions - in this case unauthorized access.

> people (or companies!) buying devices with software they don't like was never something CFAA was intended to address.

It most certainly addresses this. If I loaded up a PC with a remote access trojan, sold it on the used market, and then spied on the buyer, I would be looking at a CFAA prosecution. This is exactly what companies are doing with embedded spyware, yet it's not prosecuted.